Page 114 of 35169 results (0.338 seconds)

CVSS: 7.8EPSS: 0%CPEs: 24EXPL: 0

An attacker must first obtain the ability to execute low-privileged code on the target system in order to exploit this vulnerability. The specific flaw exists within the win32kfull driver. ... An attacker can leverage this vulnerability to escalate privileges and execute arbitrary code in the context of SYSTEM. • https://msrc.microsoft.com/update-guide/vulnerability/CVE-2024-43556 • CWE-416: Use After Free •

CVSS: 7.2EPSS: 0%CPEs: 1EXPL: 1

An admin user can create a device with a malicious hostname containing php code and repeat the installation process (completing only step 5 of the installation process is enough, no need to complete the steps before or after it) to use a php file as the cacti log file. After having the malicious hostname end up in the logs (log poisoning), one can simply go to the log file url to execute commands to achieve RCE. This issue has been addressed in version 1.2.28 and all users are advised to upgrade. • https://github.com/p33d/CVE-2024-43363 https://github.com/Cacti/cacti/security/advisories/GHSA-gxq4-mv8h-6qj4 • CWE-94: Improper Control of Generation of Code ('Code Injection') •

CVSS: 6.3EPSS: 0%CPEs: 3EXPL: 0

Note that any PHP protocol wrappers can be used, meaning that if for example the `expect://` wrapper is enabled, also remote code execution is possible. • https://github.com/PHPOffice/PhpSpreadsheet/security/advisories/GHSA-w9xv-qf98-ccq4 • CWE-36: Absolute Path Traversal CWE-918: Server-Side Request Forgery (SSRF) •

CVSS: 7.0EPSS: 0%CPEs: 3EXPL: 0

An authenticated user may use a specially crafted Lua script to trigger a stack buffer overflow in the bit library, which may potentially lead to remote code execution. • https://github.com/redis/redis/commit/1f7c148be2cbacf7d50aa461c58b871e87cc5ed9 https://github.com/redis/redis/security/advisories/GHSA-whxg-wx83-85p5 • CWE-20: Improper Input Validation CWE-121: Stack-based Buffer Overflow •

CVSS: 7.6EPSS: 0%CPEs: -EXPL: 0

Authenticated RCE via Path Traversal • https://securitydocs.business.xerox.com/wp-content/uploads/2024/10/Xerox-Security-Bulletin-XRX24-014-for-Xerox%C2%AE-FreeFlow%C2%AE-Core-v7.0-.pdf • CWE-22: Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') •